With Adjust’s S2S Security feature, you can guarantee the security of your S2S events and protect against spoofed requests. After you set up S2S authentication each incoming request must carry a token generated in your Adjust dashboard. Requests that don’t carry a valid token are rejected by Adjust’s servers.
Before you begin
Here’s what you need to know before getting started.
S2S Security isn’t compatible with Google Tag Manager event measurement. Using Adjust’s S2S authentication tokens in your Google Tag Manager configuration means that incoming Google Tag events are rejected.
Requirements
Create an S2S token
You must configure at least one token to enable S2S authentication.
- Under AppView, select All apps.
- Select your app.
- Select the Protection tab.
- Under the S2S Security section, select Open S2S Security.
- Select Add token.
- Enter a token name, and select Add token.
- Select the copy icon to copy the token, and send it to your developer to add to your S2S event requests.
- Ask your developer to run tests to confirm the integration.
At this point, S2S authentication isn’t active and requests carrying invalid tokens are still accepted. Speak to your dedicated Technical Account Manager or contact support@adjust.com to validate the setup before activating S2S authentication.
Token scopes
When S2S authentication is enabled, you must specify scopes for each token. Scopes define what actions you can take using a token. The following scopes are available:
- Events: grants the ability to send event data.
- Sessions: grants the ability to send session data.
- Ad revenue: grants the ability to send ad revenue data.
Create a scoped token
To create a new scoped token:
-
Under AppView, select All apps.
-
Select your app.
-
Select the Protection tab.
-
Under the S2S Security section, select Open S2S Security.
-
Select Add token. A modal appears.
-
In the modal that appears, enter a token Token name.
-
Select the scope or scopes you want to assign to the token from the Scope dropdown. You can select multiple scopes for each token.
-
Select Add token to save your token.
-
Select Copy token and close to copy the token. Send it to your developer to add to your S2S event requests.
The scopes of each token are visible in the token list.
Modify a scoped token
To modify the scopes of an existing token:
-
Under AppView, select All apps.
-
Select your app.
-
Select the Protection tab.
-
Under the S2S Security section, select Open S2S Security.
-
Find your token in the list and select the edit icon.
-
Add or remove scopes from the Scope dropdown.
-
Select Edit token to save your changes.
Activate S2S authentication
Activate S2S authentication only after your developer has tested token implementation, and your Technical Account Manager or support@adjust.com has validated your setup.
To activate S2S authentication, follow these steps.
- Under AppView, select All apps.
- Select your app.
- Select the Protection tab.
- Under the S2S Security section, select Open S2S Security.
- Ensure you have at least one token configured.
- Switch the toggle ON. A warning message appears to inform you that only requests sent with configured tokens will work.
- Select Turn on to proceed.
Now, all incoming S2S requests are required to carry an active authentication token. If you previously configured a token without any scopes, these will continue to work for all endpoints. For added security, you should use scoped tokens.
Example authenticated request
curl -v -X \POST -H \"Authorization: Bearer v8s5opi0zs45607l8h8c48wak2vxb5oe" \"https://s2s.adjust.com/event?s2s=1&app_token=abc123kuvada7&event_token=xyzklm&gps_adid=11110111-2345-6789-1122-000000005678"> POST /event?s2s=1&app_token=abc123kuvada7&event_token=xyzklm&gps_adid=11110111-2345-6789-1122-000000005678 HTTP/1.1> Host: s2s.adjust.com> User-Agent: curl/7.54.0> Accept: */*> Authorization: Bearer v8s5opi0zs45607l8h8c48wak2vxb5oeRequests return one of the responses below.
| Response code | Response message | Reason |
|---|---|---|
200 | OK | Request accepted |
202 | Missing authentication token | No token added to the request |
202 | Wrong authentication token | Token added but not recognized. Check it’s set correctly and is active on the dashboard |
Manage your tokens
To add multiple auth tokens, follow the same setup steps listed above.
Always test your tokens after implementation. When S2S authentication is active, requests with new tokens that aren’t correctly implemented are rejected.
If you’re no longer using a token, you can deactivate it:
- Under AppView, select My apps.
- Select your app.
- Select the Protection tab.
- Under the S2S Security section, select Open S2S Security.
- Find your token and slide the toggle to the off position.
If you deactivate all your tokens, Adjust automatically deactivates S2S authentication to ensure you don’t reject all S2S traffic.
You can reactivate inactive tokens at any time sliding the toggle to the on position, or hide inactive tokens by turning the Show inactive tokens toggle off.
To deactivate S2S authentication, disable the toggle labeled S2S authentication is ON: you’re protected against fraud.. A warning modal appears. Select Turn off to deactivate S2S authentiaction.